Headlines about quantum computing increasingly suggest that Bitcoin is on the brink of collapse, with claims that future machines could crack its cryptography in minutes or overwhelm the network entirely.
But academic research presents a more limited picture. Some widely cited “advances” are based on simplified problems that do not reflect real-world cryptography. What about quantum attacks on Bitcoin? The energy required is equivalent to a small star, according to research papers shared on X by Bitcoin hardware entrepreneur Rodolfo Novak.
Bitcoin’s security is based on two different types of mathematics, and quantum computers threaten them in two different ways.
One of them, known as Shor’s algorithm, targets the security of the wallet. In theory, it allows a sufficiently powerful quantum computer to derive a private key from a public key. That would allow an attacker to take control of the funds directly, breaking the ownership guarantees that underpin Bitcoin.
The other, known as Grover’s algorithm, is applied to mining. It offers a theoretical speedup on the trial-and-error searching that miners do, but as one of the articles below shows, that advantage largely evaporates once you try to build the machine.
The two threats often appear confused in the headlines. But they arrive very differently once real-world limitations are taken into account.
Two recent articles highlighted in a thread about X (one a sober engineering analysis, the other a deadpan satire) make that argument from opposite directions. Together, they suggest, along with a thread summarizing research and opposing views, the current panic on crypto Twitter is combining genuine long-term concern with a theater-based news cycle.
Mining hits a wall made of physics
The first paper, by Pierre-Luc Dallaire-Demers and the BTQ Technologies team, published in March 2026, asks whether a quantum computer could actually outperform BTC using Grover’s algorithm, a quantum technique that could allow a computer to guess a problem much faster than any normal machine; in the case of bitcoin, speeding up the trial-and-error search process that miners use to find valid blocks.
There is more at stake than it seems. Mining is what protects BTC from a 51% attack, the scenario where a single actor controls enough hashing power to rewrite the history of recent transactions, spend coins twice, or censor the network. If a quantum miner could dominate block production, the consensus itself would be at stake, not just individual wallets.
In theory, Grover offers a path to that mastery. In practice, the researchers argue, the answer breaks down once the price of the hardware and its power needs are fixed. Running Grover against SHA-256, the mathematical formula that bitcoin miners race to solve to add new blocks to the blockchain and earn rewards, would be physically impossible.
Running the algorithm against bitcoin would require quantum hardware on a scale that no one knows how to build.
Each step of the search involves hundreds of thousands of delicate operations, each requiring its own dedicated support system of thousands of qubits just to keep errors under control. And because bitcoin produces a new block every ten minutes, any attacker would have only a narrow window to finish the job, forcing them to run huge numbers of these machines side by side.
At Bitcoin difficulty in January 2025, the authors estimate that a quantum mining fleet would need approximately 10²³ qubits consuming 10²⁵ watts, approaching the energy output of a star (for reference, this is still 3% of Earth’s Sun). In comparison, the entire current Bitcoin blockchain consumes around 15 gigawatts.
A 51% quantum attack is not only expensive. It is physically unattainable at any scale that a real civilization can achieve.
Quantum factorization records are mostly theater.
The second paper, by Peter Gutmann of the University of Auckland and Stephan Neuhaus of Zürcher Hochschule in Switzerland, points to a different part of the narrative: the constant drumbeat of headlines claiming that quantum computers are already beginning to break encryption.
The authors set out to replicate all the important “advances” in quantum factorization of the last two decades. They did it: using a 1981 VIC-20 home computer, an abacus, and a dog named Scribble, trained to bark three times.
The joke comes because the underlying point is serious. Factoring is the central mathematical problem of most modern ciphers: taking a very large number and finding the two prime numbers that are multiplied together to get it.
For a number with hundreds of digits, it is believed that this is effectively impossible on any normal computer. Shor’s algorithm, the quantum technique behind the bitcoin wallet threat, is why people are worried that quantum machines could eventually do it.
But according to Gutmann and Neuhaus, almost all demonstrations so far have cheated. In some cases, the researchers chose numbers whose hidden prime factors were only a few digits apart, making them easy to guess with a basic calculator trick.
In others, they first ran the hard part of the problem on a regular computer (a step called preprocessing) and then handed a simplified, trivially easy version to the quantum machine to “solve.” The quantum computer gets credit for the breakthrough, but the real work was done elsewhere.
The authors focus on a recent paper that claimed a Chinese team had used a D-Wave machine to make progress toward breaking RSA-2048, the encryption standard that protects most Internet banking, email, and e-commerce traffic.
The researchers published ten example numbers as proof. Gutmann and Neuhaus ran those numbers through a VIC-20 emulator and recovered the answers in about 16 seconds each. The prime numbers had been chosen to be a few digits apart, making them easy to find with an algorithm that mathematician John von Neumann adapted from an abacus technique in 1945.
Why does this keep happening? The authors suggest a simple answer: quantum factorization is a high-profile field with limited real-world results, and the incentive to publish something that sounds impressive is strong.
Picking rigged numbers or doing most of the work classically allows researchers to claim a new “record” without actually advancing the underlying science. The article proposes new evaluation standards that would require random numbers, no preprocessing, and factors kept secret from experimenters. No demonstration to date would pass.
The conclusion is not that quantum computing is harmless. Not that every “breakthrough” headline represents real progress toward modern crypto breaking, and traders should be skeptical when the next one arrives.
What still deserves concern
Neither article completely rules out the quantum threat.
The real vulnerability is bitcoin wallets, not mining. Millions of bitcoins sit in old or reused addresses where key information is already exposed on the blockchain, making them the most likely long-term target if quantum machines improve.
Since these articles were published, what has changed is not the threat, but the estimates. A recent paper from Google researchers suggests that the computing power needed for such an attack could decrease dramatically, as the encryption that protects the Bitcoin blockchain is vulnerable in an attack that lasts a few minutes.
That doesn’t mean the attack is close. The authors reveal in the article that building such a machine is currently physically impossible and requires engineering advances that have not yet been made: from the lasers that control the qubits to the speed at which they can be read and the ability to keep tens of thousands of atoms working together without losing them.
There are also signs that the public’s view may be incomplete. Some recent research has obscured key technical details and experts have warned that advances in this field may not always be shared openly.
Still, developers are already working on solutions, including ways to reduce key exposure and new types of signatures designed to resist quantum attacks.
The markets reflect the opinion that this threat remains stuck in the classrooms. Traders see little chance of bitcoin replacing its mining algorithm before 2027, but assign much higher probabilities, around 40%, to upgrades like BIP-360 aimed at reducing wallet risk.
The quantum threat to Bitcoin is real, but it is important to remember that the construction of the machines used to attack blockchain is limited by the limits of physics.
